Cyber Security, Hacking, and Electoral Integrity

It’s Monday morning, which normally means that I’m sluggish, in need of coffee, and figuring out my calendar for the work week. This week I’m actually quite optimistic. Hanukah starts tomorrow night, but more importantly, A NEW STAR WARS MOVIE IS BEING RELEASED THIS WEEK!!! Sorry to geek out there, but Star Wars was quite a formative film franchise in my youth development, and is part of the reason why I was inspired to go into the tech industry. I apologize that I did not release a blog post over the weekend. I was quite busy with important but mundane chores and didn’t get a chance to open my computer screen.

Now, for my first rant of the week: There is a special election happening tomorrow in Alabama for the vacant senator seat there, and that means there will be a lot of registered voters heading to the polls. (Side note, if you are a US Citizen, residing in Alabama, over the age of 18, and registered to vote, do your civic duty and vote! It doesn’t matter for whom; just vote). The past year or so, the concept of electoral integrity has been a major news story, and this is directly related to the tech industry. Many polling districts use electronic voting machines. Unfortunately, like almost any computing device, these machines can be hacked.

Hacking is a very strong, yet misunderstood term. There are several different forms of hacking, from the original usage of finding workarounds to a problem or complexity, to the more common perception of gaining unauthorized access to a system for illicit gain or purpose. The latter reason, which in the cybersecurity world is known as Black Hat hacking, is why many technology and software companies employ what are called White Hat hackers, who try and hack the technology in question in order to document the vulnerabilities and patch them up to prevent anyone else from gaining access. There is also another category of hackers called Grey Hat hackers who operate in that shadowy grey area in between of illegal and legal, often doing something illegal but without seeking personal profit or gain. If you’ve illegally downloaded a song or used a cracked software, then you have done a Grey Hat hack.

Now, there has been a lot of concern with regards to electoral machines being manipulated by black hat hackers in order to influence the outcome of elections. Whether it be allegations of foreign influences, or domestic groups with a vested political interest, how can we be certain that are votes are properly being counted and tabulated as we intend them to be? This is where good computer security comes in hand. The best way to counter a hack is to be careful and secure with our passwords and authentication, while also being vigilant in our system security. Unfortunately, voting machines are not normally at the same level of development as PCs, which is something that needs to be addressed. We need to invest heavily in upgrading our voting machines, and in security for said machines.

However, more than voting machines, what terrifies me as a tech professional is proposed changes to how voter rolls are being stored. There is a plan being floated by the White House’s Commission on Electoral Integrity to warehouse all voter data, including sensitive information like social security numbers, on one potentially unsecure server in the White House. This scares me for several reasons. First, if a database is stored in the White House, which is the symbol of American partisan politics, then the voter database is in the hands and beholden to the whims of a political politician who may not be well versed in cyber security or computer technology better practices. What is to stop him or her from using the data contained to punish opposition voters or to purge everyone he or she doesn’t like from the list. Secondly, the servers of the White House are generally not as secure as those of the NSA, FBI or CIA. These agencies are more in the forefront of cyber security and technology, and are motivated by security concerns while generally being apolitical. Thirdly, putting all this information in once place creates a one stop shop for would be Black Hat hackers. The way the system is set up presently, each state (and territory) is in control of it’s own separate database with it’s own security and encryption. If a hacker wanted all of America’s voting data, they have to hack into 57 separate systems, each with separate forms of security, encryption, and a separate set of eyeballs watching it’s integrity. Inherently this means there are more chances of getting caught. It’s much easier to hack all of this data when you only have attack one system. Consequently, I feel the need to speak out against this particular plan because it is poor security architecture.

I am not an expert on voting machines or security therein, nor do I have a solution on how to secure the data of voter rolls while weighing the considerations some may have of the legitimacy of the voters enrolled, but I do intend to get a conversation started on it so we can as a society come up with a plan to protect our democracy while still enabling it to thrive.

Now, keeping with the theme of security and integrity, my tech tip of the day is about better practices with keeping your personal computer secure. If you use a Windows or Mac machine, Microsoft and Apple will periodically send updates to your machine. Make sure that your machine is set to automatically run updates. Most of them are fixes to address discovered flaws or new innovations created by hackers.
Ensure that you have antimalware AND antivirus installed on your machine, and make sure that their parameters are regularly updated. If you are cheap like me, Sophos is a good free anti-virus program. It is created and maintained by the Massachusetts Institute of Technology, so it’s got a pretty good reputation.

Make sure you are regularly using strong passwords. My rule of thumb on passwords is at least 8 characters, minimum of one upper case letter, one lower case letter, one numeric character and one special punctuation character. Also, make sure you update it regularly. I update my passwords every 30 days, but the industry standard is generally 90 days.

Make sure that your machine is only accessed by those who you let access it. This means you have it password protected, and that when you are not using your machine, or not attending to it, you have it locked so nobody else can access it. I addressed how to lock your machine in my first post.

Make sure that you are not unwittingly inviting a worm or virus onto your machine. Do not go to websites that are suspicious. Also, do not open emails, especially attachments or links in emails, that are suspicious. I addressed how to identify a spam email of this caliber in my second post.

Lastly, make sure you back your machine up regularly. If you do fall victim to an infection or hack, the best way to secure it is to revert to a backup from before you were hacked, and then put better security measures into place.

Well French Fries, I hope you all have an amazing start to your week, and your machines are now tightly secure. Tune in tomorrow, where you will be enlightened with another amazing tech tip! Until then…